17440f7c1ce01514db84686e75481e7b851bf005624b8c36c76fbf72dec35fe0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

17440f7c1ce01514db84686e75481e7b851bf005624b8c36c76fbf72dec35fe0_NeikiAnalytics.exe
Size

378KB
MD5

38344704b53b942c7d423a8f29368af0
SHA1

87736a7aecfec1d62552ace7e89d6b13f911324c
SHA256

17440f7c1ce01514db84686e75481e7b851bf005624b8c36c76fbf72dec35fe0
SHA512

2fe171915e47c790e484eb17926fd7680904f762ca54ee86273e95300927f9599f22f6cfe14ca0c28b9890625482978689b95f997337b7c563894fc6cc66ed36
SSDEEP

6144:08OQqQJB/ocL08oy7Fnz+req4OInAe2DaO3UJKe:d1Bb47y7FnzzL

Score

1^/10

Malware Config

Signatures

Files

17440f7c1ce01514db84686e75481e7b851bf005624b8c36c76fbf72dec35fe0_NeikiAnalytics.exe
.dll windows:5 windows x64 arch:x64

f4db19d5b5299b5da3611dd1563c0b88

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:16:f1:ef:83:61:80:f1:c7:d0:db:9e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/11/2023, 08:47

Not After

27/11/2024, 08:47

Subject

SERIALNUMBER=23829868,CN=CyberLink Corp.,OU=IT,O=CyberLink Corp.,STREET=15F.\, No. 100\, Minquan Rd.\, Xindian Dist.,L=New Taipei City,ST=New Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9b:b5:f7:5b:16:73:56:9e:5a:f8:fd:7f:2c:4b:a3:6f:31:42:48:f7:09:9d:e8:c3:33:92:34:a3:e6:81:9f:00
Signer

Actual PE Digest

9b:b5:f7:5b:16:73:56:9e:5a:f8:fd:7f:2c:4b:a3:6f:31:42:48:f7:09:9d:e8:c3:33:92:34:a3:e6:81:9f:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\ProjectSVN\koan_release\trunk\Src\koan\renderer\_wingdi.pdb

Imports

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod
timeGetDevCaps

gdiplus

GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGraphicsClear
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDeleteFont
GdipGetLogFontW
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetDC
GdipReleaseDC
GdipDrawImageRectI
GdiplusStartup
GdiplusShutdown
GdipFree

kernel32

CreateThread
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
LoadLibraryExA
GetEnvironmentVariableW
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
GetDateFormatW
GetLocaleInfoW
GlobalLock
GlobalUnlock
LoadLibraryW
FreeLibrary
GetProcAddress
GlobalAlloc
LoadLibraryA
GetTimeFormatW
CreateFileW
FlushFileBuffers
ReadFile
DecodePointer
CloseHandle
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetCurrentProcessId
WriteFile
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetExitCodeThread
GetVersion
GetTickCount
GetVersionExA
GetVersionExW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GlobalSize
GlobalFree
lstrlenW
CopyFileW
GetTimeZoneInformation
MultiByteToWideChar
SetEnvironmentVariableW
RaiseException
GetCurrentThreadId
CreateEventW

user32

DeleteMenu
DrawIcon
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
SetWindowRgn
GetWindowRgn
InvalidateRect
SetWindowTextW
GetWindowRect
AdjustWindowRectEx
MessageBoxW
ShowCursor
ClipCursor
ClientToScreen
ScreenToClient
MapWindowPoints
CopyRect
IntersectRect
OffsetRect
PtInRect
EnumChildWindows
GetWindowThreadProcessId
GetLastActivePopup
LoadCursorFromFileW
IsWindowEnabled
LoadImageW
CreateIconIndirect
GetIconInfo
SystemParametersInfoA
SystemParametersInfoW
GetCursorInfo
GetAncestor
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
PostQuitMessage
UnregisterClassW
EnableMenuItem
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
DestroyWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
SendMessageW
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetLastInputInfo
GetKeyboardState
RegisterClipboardFormatW
BringWindowToTop
IsIconic
SetWindowPlacement
FlashWindowEx
SetLayeredWindowAttributes
IsWindow
GetClassInfoW
RegisterClassW
AttachThreadInput
ShowWindow
RegisterPowerSettingNotification
UnregisterHotKey
RegisterHotKey
TrackMouseEvent
DestroyCaret
GetKeyboardLayout
SetParent
GetKeyState
EmptyClipboard
SetClipboardData
GetWindowPlacement
GetSystemMenu
GetActiveWindow
GetSystemMetrics
SetWindowPos
DestroyCursor
LoadCursorW
GetParent
FillRect
WindowFromPoint
ShowCaret
CreateCaret
GetCursorPos
SetCursor
GetClientRect
EnableWindow
SendInput
GetAsyncKeyState
GetFocus
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
OpenClipboard
IsWindowVisible
PostMessageW
SetWindowLongPtrW
GetWindowLongPtrW
ReleaseDC
GetDC
SetFocus
DestroyIcon
MoveWindow
RegisterClassExW
UnregisterPowerSettingNotification

gdi32

CreateSolidBrush
SelectObject
CreateFontIndirectW
SetBkColor
SetTextColor
GetTextMetricsW
GetDeviceCaps
EnumFontFamiliesW
CopyMetaFileW
CreateRectRgn
CreateRectRgnIndirect
ExtCreateRegion
GetClipBox
OffsetRgn
GetObjectW
DeleteObject
CombineRgn
GetStockObject
GetDCOrgEx

comdlg32

GetOpenFileNameW
GetSaveFileNameW

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
OleInitialize
OleUninitialize
RegisterDragDrop
RevokeDragDrop
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CoCreateInstance

python27

PyExc_IOError
PyExc_IndexError
PyExc_MemoryError
PyExc_OverflowError
PyExc_RuntimeError
PyExc_NotImplementedError
PyExc_SyntaxError
PyExc_SystemError
PyExc_TypeError
PyExc_ValueError
PyExc_ZeroDivisionError
PyGILState_GetThisThreadState
PyEval_SaveThread
PyEval_RestoreThread
PyObject_CallObject
_PyThreadState_Current
PyEval_CallObjectWithKeywords
PyObject_GenericGetAttr
_PyObject_GetDictPtr
PyObject_GetAttr
PyType_IsSubtype
PyObject_Call
PyExc_AttributeError
PyTuple_SetItem
PyTuple_New
PyCallable_Check
PyObject_GetAttrString
_Py_TrueStruct
_Py_ZeroStruct
PyObject_CallMethod
PyErr_Print
PyArg_Parse
PyErr_Occurred
PyDict_GetItemString
PyList_SetItem
PyList_GetItem
PyList_Size
PyList_New
PyInt_AsLong
Py_DecRef
PyGILState_Release
PyGILState_Ensure
PyInt_AsUnsignedLongMask
_Py_NoneStruct
Py_BuildValue
PyArg_ParseTuple
PyString_AsString
_PyWeakref_CallableProxyType
_PyWeakref_ProxyType
PyInstance_Type
PyClass_Type
PyFloat_Type
PyType_Type
PyObject_Size
PyObject_CallFunctionObjArgs
Py_InitModule4_64
PyModule_AddObject
PyErr_Clear
PyArg_UnpackTuple
PyErr_SetString
PyCObject_Import
PyCObject_FromVoidPtr
_PyInstance_Lookup
PyInstance_NewRaw
PyModule_GetDict
PyDict_SetItemString
PyDict_SetItem
PyDict_GetItem
PyDict_New
PyString_AsStringAndSize
PyString_Format
PyString_ConcatAndDel
PyString_FromFormat
PyString_FromString
PyString_FromStringAndSize
PyFloat_AsDouble
PyFloat_FromDouble
PyLong_AsLongLong
PyLong_FromVoidPtr
PyLong_AsDouble
PyLong_AsUnsignedLong
PyLong_AsLong
PyBool_FromLong
PyInt_FromLong
PyUnicodeUCS2_AsWideChar
PyUnicodeUCS2_FromWideChar
PyUnicodeUCS2_GetSize
PyUnicodeUCS2_FromObject
PyUnicodeUCS2_AsUnicode
PyObject_Init
PyObject_Free
PyObject_Malloc
Py_VaBuildValue
PyObject_IsTrue

msvcp110

?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcr110

__clean_type_info_names_internal
?terminate@@YAXXZ
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
??3@YAXPEAX@Z
_purecall
??2@YAPEAX_K@Z
memmove
wcsncpy_s
mbstowcs
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
wcschr
wcstok_s
_wcsicmp
free
malloc
??_V@YAXPEAX@Z
printf
sprintf_s
iswspace
memcpy_s
_wtoi
vswprintf_s
_vscwprintf
memcmp
_vswprintf
__C_specific_handler
fputs
strcpy_s
strnlen
strncmp
strncpy_s
strstr
__crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
vsprintf_s
strcmp
wcsnlen
?_type_info_dtor_internal_method@type_info@@QEAAXXZ

Exports

Exports

init_wingdi

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4db19d5b5299b5da3611dd1563c0b88

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

26:16:f1:ef:83:61:80:f1:c7:d0:db:9eCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

9b:b5:f7:5b:16:73:56:9e:5a:f8:fd:7f:2c:4b:a3:6f:31:42:48:f7:09:9d:e8:c3:33:92:34:a3:e6:81:9f:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

gdiplus

kernel32

user32

gdi32

comdlg32

ole32

python27

msvcp110

msvcr110

Exports

Exports

Sections

.text Size: 239KB - Virtual size: 238KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 14KB - Virtual size: 31KB

.pdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

26:16:f1:ef:83:61:80:f1:c7:d0:db:9e
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

9b:b5:f7:5b:16:73:56:9e:5a:f8:fd:7f:2c:4b:a3:6f:31:42:48:f7:09:9d:e8:c3:33:92:34:a3:e6:81:9f:00
Signer

.text
Size: 239KB - Virtual size: 238KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 14KB - Virtual size: 31KB

.pdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB